CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2020-7631 diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the path argument. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7632 node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7633 apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7634 heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7635 compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | 9.8 | CRITICAL | — | 0 |
| CVE-2014-3445 backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the adminis... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11545 Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id par... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20646 NETGEAR RAX40 devices before 1.0.3.64 are affected by disclosure of administrative credentials. | 9.8 | CRITICAL | — | 0 |
| CVE-2013-2060 The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11597 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request and inject SQL statements in the user context of the db owner. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11598 An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upload.ashx allows remote attackers to execute arbitrary code by uploading and executing an ASHX file. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11586 An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | 9.8 | CRITICAL | — | 0 |
| CVE-2014-2896 The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an ou... | 9.8 | CRITICAL | — | 0 |
| CVE-2014-2897 The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC... | 9.8 | CRITICAL | — | 0 |
| CVE-2014-2898 wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11537 A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API. | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11536 An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's se... | 9.8 | CRITICAL | — | 0 |
| CVE-2016-11025 An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-711... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11535 An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to r... | 9.8 | CRITICAL | — | 0 |
| CVE-2016-11028 An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2... | 9.8 | CRITICAL | — | 0 |
| CVE-2014-2914 fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as de... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7489 A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming s... | 9.8 | CRITICAL | — | 0 |
| CVE-2016-11033 An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016). | 9.8 | CRITICAL | — | 0 |
| CVE-2016-11036 An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). | 9.8 | CRITICAL | — | 0 |
| CVE-2020-11534 An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wge... | 9.8 | CRITICAL | — | 0 |
| CVE-2016-11038 An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for share... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7487 A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18693 An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 201... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18696 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-7614 npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18652 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. SVoice allows arbitrary code execution by changing dynamic libraries. The Samsung ID is SVE-2017-9299 (September 2017... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-2961 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18655 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a stack-based buffer overflow with resultant memory corruption in a trustlet. The Samsung IDs are SVE-2017-8... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-2953 Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 18.0. Easily... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18660 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in tlc_server. The Samsung ID is SVE-2017-8888 (July 2017). | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18661 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer overflow in process_cipher_tdea. The Samsung ID is SVE-2017-8973 (July 2017). | 9.8 | CRITICAL | — | 0 |
| CVE-2013-4864 MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SS... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-2950 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8088 panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerica... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-8086 The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only fun... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-2931 Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability all... | 9.8 | CRITICAL | — | 0 |
| CVE-2015-8011 Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-21137 Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. | 9.8 | CRITICAL | — | 0 |
| CVE-2019-20787 Teeworlds before 0.7.4 has an integer overflow when computing a tilemap size. | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18681 An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). There are multiple buffer overflows in the bootloader. The Samsung ID is SVE-2016-7... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18683 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017). | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18684 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (F... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-2915 Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18690 An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2017-18691 An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos8890 chipsets) software. There are multiple Buffer Overflows in TSP sysfs cmd_store. The Samsung ID is SVE-2016-7500 (Ja... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.